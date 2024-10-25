ARTICLE
25 October 2024

The SEC's Action On Cyber Disclosures Should Serve As A Wake Up Call

The SEC's recent actions against Unisys, Avaya, Check Point, and Mimecast really drive home how serious regulators are about cybersecurity disclosures these days.
The SEC's recent actions against Unisys, Avaya, Check Point, and Mimecast really drive home how serious regulators are about cybersecurity disclosures these days. If companies try to downplay or gloss over actual cyber breaches, they're not just risking hefty fines—they're also putting their reputation on the line. The SEC is making it clear: don't talk about cybersecurity risks as if they're just hypothetical when you know something has actually happened. Investors deserve to know the real scope and impact of any incidents.

We see this as a wake-up call for companies to strengthen how they handle and disclose cybersecurity issues. It's crucial to have solid processes in place for quickly detecting, assessing, and reporting any cyber events, not to mention proactively establishing an incident response plan. This isn't just an IT issue; it requires collaboration across legal, compliance, and investor relations teams to ensure the information shared is accurate and complete. By enhancing your cybersecurity governance and being transparent, you're not only staying on the right side of regulations but also building trust with your investors and protecting your company's value.

“As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement. “Here, the SEC’s orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents.”

